hit counter script

Security-Suite Deny Martian-Addresses - Cisco 300 Series Cli Manual

Stackable managed switches
Hide thumbs Also See for 300 Series:
Table of Contents

Advertisement

16
365
If mask is not specified, it defaults to 255.255.255.255.
If prefix-length is not specified, it defaults to 32.
Command Mode
Interface (Ethernet, Port Channel) Configuration mode
User Guidelines
For this command to work,
both globally and for interfaces.
This command discards ICMP packets with "ICMP type= Echo request" that
ingress the specified interface.
Example
The following example attempts to discard echo requests from an interface.
switchxxxxxx(config)#
switchxxxxxx(config)#
switchxxxxxx(config-if)#
To perform this command, DoS Prevention must be enabled in the per-interface mode.

16.3 security-suite deny martian-addresses

To deny packets containing system-reserved IP addresses or user-defined IP
addresses, use the security-suite deny martian-addresses Global Configuration
mode command.
To restore the default, use the no form of this command.
Syntax
security-suite deny martian-addresses
remove {ip-address {mask | /prefix-length}}
addresses)
security-suite deny martian-addresses
system-reserved IP addresses, see tables below)
no security-suite deny martian-addresses (This command removes addresses
reserved by security-suite deny martian-addresses
show security-suite configuration
security-suite enable global-rules-only
interface gi11
security-suite deny icmp add any /32
{add {ip-address {mask | /prefix-length}} |
reserved {add | remove} (
OL-32830-01 Command Line Interface Reference Guide
Denial of Service (DoS) Commands
must be enabled
(
Add/remove user-specified IP
Add/remove
{add {ip-address {mask |

Advertisement

Table of Contents
loading

Table of Contents